How to reduce insider security and data loss threats

Tuesday 2 July 2013

Business leaders are well aware of the importance of securing data and guarding IT systems against external threats. Indeed, many organisations invest heavily in defensive strategies, in a bid to ensure the integrity of information. In the digital age, companies face a variety of online threats, meaning it is important to be proactive in your security strategy.

A recent study conducted by Iron Mountain and PricewaterhouseCoopers revealed that companies which suffer data loss often struggle to attract business partners, and maintain the loyalty of their customers. Clearly this puts them at a competitive disadvantage compared to the rest of the market - it is vitally important to keep a firm's reputation intact.

But one of the major problems organisations face is ensuring their employees embrace IT security best practice, and follow the set procedures and rules at all times. Too often, when data breaches occur, it is because of human error or negligence. Business leaders cannot control every action of the people they employ; they can only establish rules and processes which minimise the risk.

So what should employers be doing to ensure their workers do not jeopardise corporate data, and the reputation of the organisation? Here are a few tips for reducing insider security risks.

Begin training from the outset - employers can begin the IT security training process on the day an individual joins the company, highlighting the importance of the issue in the wider context of the job and organisation.

Continue training - regular top-up training and development sessions can reinforce IT security best practice, reminding workers of their responsibilities and the potential risks should they fall short of meeting them.

Control account access - employees should only have access to systems, accounts and data they require to perform their daily duties. Privileged access should be reserved for senior members of staff, and those who need it to do their job effectively.

Require strong passwords - a clear policy on usernames and passwords is essential. Employees should use passwords containing both letters and numbers, and these should be at least eight characters long.

Refresh passwords - changing passwords at regular intervals can also potentially reduce the risks, in the event that someone has acquired a password that does not belong to them. Passwords used by contractors and other temporary staff members should be deactivated as soon as the placement ends.

Screen all employees - rigorous background checking can help flag up any potential issues with would-be employees. If the screening process raises concerns about an individual's integrity, or their past behaviour, the company does not need to hire them.

Monitor high risk users - all employees within the organisation should be monitored, including trusted individuals with a high level of security clearance. Everyone working for the organisation should understand that they are responsible for their own actions and fully accountable should they step out of line.

Conduct cloud audits - if data is being held by a third party off-site in the cloud, business leaders need to ensure they fully understand their own security responsibilities. Often it is the cloud user, rather than the provider, that is required to ensure data and connections are secure. Firms should check their service level agreement.

Take charge with BYOD - businesses need to have a clear bring your own device (BYOD) policy, and set certain boundaries to ensure employees do not run amok with sensitive data. If staff members want to embrace BYOD, they must use devices which the corporate network can fully support. In addition, business data should be segregated from personal information where possible. Employees must know their BYOD rights and responsibilities.

Microsoft IT security solutions can help your organisation safeguard its IT systems and data.

Posted by Alex Boardman